Instragam followers spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 May 2024 21:18:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s9cTb-00000000L1Q-0TCg
for dave@doctor.nl2k.ab.ca;
Tue, 21 May 2024 21:17:15 -0600
Resent-From: The Doctor
Resent-Date: Tue, 21 May 2024 21:17:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yw1-f199.google.com ([209.85.128.199]:49654)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1s9bUl-00000000DX9-1oVp
for sales@nk.ca;
Tue, 21 May 2024 20:14:27 -0600
Received: by mail-yw1-f199.google.com with SMTP id 00721157ae682-61d21cf3d3bso235611057b3.3
for; Tue, 21 May 2024 19:12:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1716343941; x=1716948741; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=oi+Vw5bLxMvxUzBhczT35DZo2PdUc9dDvRdYwiZ2M2U=;
b=Qe9fPfuJK7g3Ci0teutzulMdhccKQgpVagcI8Fxbd7O0iZl2XI2JwWu21UV9wk1l9a
zz/GnEkdalsM1ojbQntXmmC6E+d4+BhOW04M3xEXt+cin3MPMbi4fU/dMhulM3tPmjnJ
sYcigmSIha3s9F94HqJ/VFDshT91AKGcpshWo1SD8gThevroZji4tKCX/w1eF727ZhY+
3MNiMYJ+jDcjOBa8mbOEsB8ULJAO5dGH6344GipqQTxktv9rEcJUg2T5J5ZD/VvM0CPz
dfJKwzeFh9U7o7gmnvsfYis9rHixWkvg8ff2FhAbbKjVv/WxLKHX++RhwpPyvXhycOGm
rHPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1716343941; x=1716948741;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=oi+Vw5bLxMvxUzBhczT35DZo2PdUc9dDvRdYwiZ2M2U=;
b=b5fz24mpjPQMtPlvJK/Qd/QcKP6uf9zsaLuHIm0Hifl9MezmhVUIXdrgB1HMiGCDWg
crhwSGn6n2ybbrr/wOeSvIYCb4zuyoK18RxxfBCCeCRv9J6/Xe1jjMqaGc9LbenDnV2o
BBAly+UHnA1+nTigrhGVyrRttS1YR19SFnx8W8elLRtxZXtGDiRwKt/EypjMoa7HHmAL
+jwcwYqAiEGjbgi3RYojYfxKJGFxmQVJlZ9E4HNcocnflBPwTTcEfSbi9HAzDPcP8FW9
7jaoKIFaFp1ypKg9oD8w0g7ib6Ow8Gp2OsPhTxyvv8Q192S9Xp/6wPipd7IhbM15F6hw
UPVw==
X-Gm-Message-State: AOJu0YwcE7cWP5sAA7aMUYqPTrS4JoLaWesCFL9/dSWrFmjwW/5j1ld4
CHo6rwxvVH5Vabt+0AC5F1XJzeT6C+zhCMCtax4T7HaD2uezp6GqgZWypBy24mdk8yN7RCA1/G0
=
X-Google-Smtp-Source: AGHT+IHYPrmQ6bMeWalJGB7AN03t/JWyCwacJxhEaNklBwZye8Pvb7ch/JMo6SwUjVZuyrwPFTo9vP3rCA==
MIME-Version: 1.0
X-Received: by 2002:a05:6102:14a7:b0:47c:28c1:5379 with SMTP id
ada2fe7eead31-48077eb3c8fmr27682209137.33.1716234568091; Mon, 20 May 2024
12:49:28 -0700 (PDT)
Message-ID:
Date: Mon, 20 May 2024 19:49:28 +0000
Subject: daveyadallee, AMAZING
From: cahyonosaryoni@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 10.7
X-Spam_score_int: 107
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , daveyadallee Get 100K Followers Instagram NOW ! Please
visit the web page below . [ https://linktr.ee/instamediamax?daveyadallee
]
Content analysis details: (10.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
-0.0 SPF_PASS SPF: sender matches SPF record
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[209.85.128.199 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.128.199 listed in bl.score.senderscore.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.199 listed in wl.mailspike.net]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[cahyonosaryoni(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
Subject: {SPAM?} daveyadallee, AMAZING
X-Antivirus: AVG (VPS 240522-6, 5/22/2024), Inbound message
X-Antivirus-Status: Clean
SGkgLA0KZGF2ZXlhZGFsbGVlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIEluc3RhZ3JhbSBOT1cg
IQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0cHM6Ly9saW5rdHIu
ZWUvaW5zdGFtZWRpYW1heD9kYXZleWFkYWxsZWUgXQ0KDQpEbyB5b3UgaGF2ZSBhYm91dCBbIExl
c3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NClNwZWNpYWxzICBsaW1pdGVkICBPZmYgNDAlIFRv
ZGF5Li4uISEhDQpJbmNyZWFzZSBOb3cgLi4hISENCg0KLSBpbnN0YW50IHByb2Nlc3MNCi0gU2Fm
ZXN0IE1ldGhvZHMNCi0gUHJpdmFjeSBQcm90ZWN0aW9uDQotIFNwZWVkIDEwMEsgRm9sbG93ZXJz
L2RheQ0KLSBIaWdoIFF1YWxpdHkgRm9sbG93ZXJzICYgUmVhbA0KLSBEcm9wLUJhY2sgR3VhcmFu
dGVlDQotIFRydXN0ZWQgU2VsbGVyIHRlc3RpbW9ueQ0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93
ZXJzIEluc3RhZ3JhbQ0KLSBHdWFyYW50ZWVkIHRvIGJlIHRoZSBjaGVhcGVzdA0KDQpUaGFuayB5
b3UsDQpSZWdhcmRzLA0Kc29jaWFsaW5zdGFtYXhAZ21haWwuY29tDQoNCkNvcHlyaWdodCDCqSAy
MDE0IC0gMjAyNSBJbnN0YW1lZGlhTUFYLiBBbGwgUmlnaHRzIFJlc2VydmVkLg0K
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 May 2024 21:18:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s9cTb-00000000L1Q-0TCg
for dave@doctor.nl2k.ab.ca;
Tue, 21 May 2024 21:17:15 -0600
Resent-From: The Doctor
Resent-Date: Tue, 21 May 2024 21:17:15 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yw1-f199.google.com ([209.85.128.199]:49654)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1s9bUl-00000000DX9-1oVp
for sales@nk.ca;
Tue, 21 May 2024 20:14:27 -0600
Received: by mail-yw1-f199.google.com with SMTP id 00721157ae682-61d21cf3d3bso235611057b3.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1716343941; x=1716948741; darn=nk.ca;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=oi+Vw5bLxMvxUzBhczT35DZo2PdUc9dDvRdYwiZ2M2U=;
b=Qe9fPfuJK7g3Ci0teutzulMdhccKQgpVagcI8Fxbd7O0iZl2XI2JwWu21UV9wk1l9a
zz/GnEkdalsM1ojbQntXmmC6E+d4+BhOW04M3xEXt+cin3MPMbi4fU/dMhulM3tPmjnJ
sYcigmSIha3s9F94HqJ/VFDshT91AKGcpshWo1SD8gThevroZji4tKCX/w1eF727ZhY+
3MNiMYJ+jDcjOBa8mbOEsB8ULJAO5dGH6344GipqQTxktv9rEcJUg2T5J5ZD/VvM0CPz
dfJKwzeFh9U7o7gmnvsfYis9rHixWkvg8ff2FhAbbKjVv/WxLKHX++RhwpPyvXhycOGm
rHPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1716343941; x=1716948741;
h=content-transfer-encoding:to:from:subject:date:message-id
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=oi+Vw5bLxMvxUzBhczT35DZo2PdUc9dDvRdYwiZ2M2U=;
b=b5fz24mpjPQMtPlvJK/Qd/QcKP6uf9zsaLuHIm0Hifl9MezmhVUIXdrgB1HMiGCDWg
crhwSGn6n2ybbrr/wOeSvIYCb4zuyoK18RxxfBCCeCRv9J6/Xe1jjMqaGc9LbenDnV2o
BBAly+UHnA1+nTigrhGVyrRttS1YR19SFnx8W8elLRtxZXtGDiRwKt/EypjMoa7HHmAL
+jwcwYqAiEGjbgi3RYojYfxKJGFxmQVJlZ9E4HNcocnflBPwTTcEfSbi9HAzDPcP8FW9
7jaoKIFaFp1ypKg9oD8w0g7ib6Ow8Gp2OsPhTxyvv8Q192S9Xp/6wPipd7IhbM15F6hw
UPVw==
X-Gm-Message-State: AOJu0YwcE7cWP5sAA7aMUYqPTrS4JoLaWesCFL9/dSWrFmjwW/5j1ld4
CHo6rwxvVH5Vabt+0AC5F1XJzeT6C+zhCMCtax4T7HaD2uezp6GqgZWypBy24mdk8yN7RCA1/G0
=
X-Google-Smtp-Source: AGHT+IHYPrmQ6bMeWalJGB7AN03t/JWyCwacJxhEaNklBwZye8Pvb7ch/JMo6SwUjVZuyrwPFTo9vP3rCA==
MIME-Version: 1.0
X-Received: by 2002:a05:6102:14a7:b0:47c:28c1:5379 with SMTP id
ada2fe7eead31-48077eb3c8fmr27682209137.33.1716234568091; Mon, 20 May 2024
12:49:28 -0700 (PDT)
Message-ID:
Date: Mon, 20 May 2024 19:49:28 +0000
Subject: daveyadallee, AMAZING
From: cahyonosaryoni@gmail.com
To: sales@nk.ca
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
X-Spam_score: 10.7
X-Spam_score_int: 107
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , daveyadallee Get 100K Followers Instagram NOW ! Please
visit the web page below . [ https://linktr.ee/instamediamax?daveyadallee
]
Content analysis details: (10.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
[209.85.128.199 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.128.199 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
[209.85.128.199 listed in will-spam-for-food.eu.org]
-0.0 SPF_PASS SPF: sender matches SPF record
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[209.85.128.199 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.128.199 listed in bl.score.senderscore.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.199 listed in wl.mailspike.net]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[cahyonosaryoni(at)gmail.com]
2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars
1.0 FREEMAIL_REPLY From and body contain different freemails
Subject: {SPAM?} daveyadallee, AMAZING
X-Antivirus: AVG (VPS 240522-6, 5/22/2024), Inbound message
X-Antivirus-Status: Clean
SGkgLA0KZGF2ZXlhZGFsbGVlDQoNCg0KR2V0IDEwMEsgRm9sbG93ZXJzIEluc3RhZ3JhbSBOT1cg
IQ0KUGxlYXNlIHZpc2l0IHRoZSB3ZWIgcGFnZSBiZWxvdyAuDQoNClsgaHR0cHM6Ly9saW5rdHIu
ZWUvaW5zdGFtZWRpYW1heD9kYXZleWFkYWxsZWUgXQ0KDQpEbyB5b3UgaGF2ZSBhYm91dCBbIExl
c3MgdGhhbiAxMDBLIF0gRm9sbG93ZXJzID8NClNwZWNpYWxzICBsaW1pdGVkICBPZmYgNDAlIFRv
ZGF5Li4uISEhDQpJbmNyZWFzZSBOb3cgLi4hISENCg0KLSBpbnN0YW50IHByb2Nlc3MNCi0gU2Fm
ZXN0IE1ldGhvZHMNCi0gUHJpdmFjeSBQcm90ZWN0aW9uDQotIFNwZWVkIDEwMEsgRm9sbG93ZXJz
L2RheQ0KLSBIaWdoIFF1YWxpdHkgRm9sbG93ZXJzICYgUmVhbA0KLSBEcm9wLUJhY2sgR3VhcmFu
dGVlDQotIFRydXN0ZWQgU2VsbGVyIHRlc3RpbW9ueQ0KLSBTdGFydGluZyBnZXQgNUsgRm9sbG93
ZXJzIEluc3RhZ3JhbQ0KLSBHdWFyYW50ZWVkIHRvIGJlIHRoZSBjaGVhcGVzdA0KDQpUaGFuayB5
b3UsDQpSZWdhcmRzLA0Kc29jaWFsaW5zdGFtYXhAZ21haWwuY29tDQoNCkNvcHlyaWdodCDCqSAy
MDE0IC0gMjAyNSBJbnN0YW1lZGlhTUFYLiBBbGwgUmlnaHRzIFJlc2VydmVkLg0K
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments